[ Tuesday, April 13, 2010 ]
Interesting NIST paper: This publication from NIST
is a good, common-sense discussion of how to properly protect "personally identifiable information." It's not specifically HIPAA-oriented, but it sure makes sense when you do a risk analysis (which you should be doing regularly under the Security Rule; you know that, right?). Figure out what you've got, don't keep what you don't need, categorize based on impact value, and protect accordingly. They quote McGeorge Bundy: "If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds." True.
Hat tip: Alan Goldberg
Jeff [11:18 AM]
Blogger: HIPAA Blog - Edit your Template